Originally published by New Context.
The 1920s—often referred to as the “Roaring Twenties”—produced some key historical figures. One of these whose life both inspired and saddened many people around the world was Charles Lindberg. Hailed as an example of the indomitable human spirit for making the first solo non-stop transatlantic flight of over 2000 miles in 1927, Lindberg would face probably the greatest tragedy a family can experience just a few short years later when his infant son was kidnapped. Even though the ransom was paid, he did not get his son back.
Regrettably, many enterprises are at risk of being placed in the same predicament as Lindberg, now in cyberspace. The accessing and encrypting of important data is one of the most debilitating and costly cybersecurity risks that companies face from hackers today. This makes it pivotal to understand ransomware attacks and how to prevent this type of cloud security breach from threatening your information security (InfoSec).
What is a Ransomware Attack?
Prior to defining a ransomware attack itself, it may be helpful to review a few related definitions:
- The study of how to develop software tools with the ability to disrupt computing operations using cryptography is known as Cryptovirology. One of the most harmful tools is malware.
- Malware describes any of a number of software scripts and/or programs designed to do harm to a computer or network. Types of malware include: Trojans, worms, spyware, Adware, and ransomware.
- Ransomware is malware that is used to extort some type of payment from a person or company by blocking the owner’s access or threatening to expose the information.
With these foundations in mind, a ransomware attack itself can be defined as a product of dedicated development intended to cause disruption to operations and perhaps profit from gaining illegitimate access to a computer system or network. Perhaps, it is no great surprise that ransomware attacks occur, but if you want to avoid being victimized by them, as unfortunately many other companies and organizations have been, it is important to know why they occur.
Why Do Ransomware Attacks Occur?
The reasons why some choose to execute ransomware attacks cannot be reduced to simply financial gain—though it is probably the leading cause. Some attacks may also be personally or politically motivated, or based on some utilitarianism philosophy. Irrespective of the attacker’s inspiration, protecting your operations or assets requires that you understand the most common methods and vulnerabilities that enable successful ransomware attacks.
REASONS WHY RANSOMWARE ATTACKS SUCCEED
|Spam and Phishing emails||Poor user security practices|
|Password Compromise||Weak password/lost or stolen password;
Insufficient computer system(s) security practices
|Misleading Thumbnails||Poor user security practices|
|Malicious Websites and Web Ads||Poor user security practices|
|Remote Desktop Access||Insufficient computer system(s) security practices|
It is obvious from the list above that for most successful ransomware attacks, the computer owner, systems administrator, and/or the entity victimized unwittingly abet the process. This fact provides both encouragement and a challenge to preventing these attacks.
Can a Ransomware Attack be Prevented?
Unfortunately, the answer to the question, “Can a ransomware attack be prevented?” is no. As long as someone, somewhere, thinks that your data has value that they can leverage, you are a potential target. However, all is not lost. It is true that you cannot prevent attacks or attempts to access and lock your data, yet, there are actions and practices that can stop them from being successful.
The uncomfortable truth about ransomware attacks is they require some degree of unpreparedness or inaction by the victim to be successful. For example, spam and phishing emails are benign unless opened. Additionally, failure to require that the remote desktop is either password protected or not open is an IT oversight that can allow users to access files on your machine. To avoid these types of breaches, the following simple steps can be instituted.
5 Steps to Stop Ransomware Attacks
- Step 1: Adopt and prioritize a security culture. Often, ransomware attacks succeed due to employees placing efficiency over security. Therefore, it is critical that the importance of security be emphasized beginning with the executive level of an organization. Policy and controls are in place for good reason, and making sure your team understands those reasons is important. This will enable the formation of a strong cybersecurity culture.
- Step 2: Train personnel on the best security practices. One of the most important ways to avoid ransomware attack success is to provide training to your employees on how not to fall victim to these attempts.
- Step 3: Employ strong account management policies. Forcing users to periodically update passwords and forcing those credentials to pass a strength test are good account management policies that administrators can employ to support a strong security posture and make it more difficult for passwords to be compromised.
- Step 4: Network segmentation. One of the actions that can be taken to make it more difficult to locate and access data is to use subnets or add layers that must be breached for access.
- Step 5: Use redundancy and backups. Another good option is to add redundancy or duplicate your data and store it in another location(s). Regular backups can be used here, but also mirrored locations, such as cloud and local storage.
By instituting the steps above, your resistance and resiliency to ransomware attacks will be greatly improved, which can be a tremendous cost savings.